High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-23	CVE-2016-9446	Improper Initialization vulnerability in multiple products The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. network low complexity gstreamer-project redhat fedoraproject CWE-665	7.5
2017-01-23	CVE-2015-8854	The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." network low complexity marked-project fedoraproject	7.5
2017-01-19	CVE-2016-7545	Improper Access Control vulnerability in multiple products SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. local low complexity selinux-project fedoraproject redhat CWE-284	8.8
2017-01-19	CVE-2016-7543	Improper Input Validation vulnerability in multiple products Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. local low complexity gnu fedoraproject CWE-20	8.4
2016-12-23	CVE-2016-7966	Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. network low complexity kde debian fedoraproject suse CWE-94	7.3
2016-12-13	CVE-2016-2334	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. local low complexity 7-zip fedoraproject oracle CWE-119	7.8
2016-12-13	CVE-2016-7952	Improper Access Control vulnerability in multiple products X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. network low complexity fedoraproject x-org CWE-284	7.5
2016-12-13	CVE-2016-7946	Improper Access Control vulnerability in multiple products X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. network low complexity x-org fedoraproject CWE-284	7.5
2016-12-13	CVE-2016-7945	Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. network low complexity fedoraproject x-org CWE-190	7.5
2016-12-09	CVE-2016-9014	Permissions, Privileges, and Access Controls vulnerability in multiple products Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. network high complexity fedoraproject canonical djangoproject CWE-264	8.1